projects / matthijs / projects / wipi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9eeb02a)
phpbb_login: Make the table prefix configurable.
authorMatthijs Kooijman <matthijs@stdin.nl>
Mon, 28 Jun 2010 11:36:47 +0000 (13:36 +0200)
committerMatthijs Kooijman <matthijs@stdin.nl>
Mon, 28 Jun 2010 11:36:47 +0000 (13:36 +0200)
conf/auth/phpbb_login.py patch | blob | history
conf/farmconfig.py patch | blob | history

diff --git a/conf/auth/phpbb_login.py b/conf/auth/phpbb_login.py
index 0e93517fcec53092fdf227e50a051aec61412b35..dbf343edf3ea00302ec5cbc6cf2428f57f5de903 100644 (file)
--- a/conf/auth/phpbb_login.py
+++ b/conf/auth/phpbb_login.py
@@ -17,7 +17,7 @@ class phpbb_login(BaseAuth):
     logout_possible = True
     login_inputs    = ['username', 'password']
     
     logout_possible = True
     login_inputs    = ['username', 'password']
     
-    def __init__(self, name='phpbb', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, hint=None):
+    def __init__(self, name='phpbb', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, phpbb_prefix='', hint=None):
         """
             Authenticate using credentials from a phpbb database
 
         """
             Authenticate using credentials from a phpbb database
 
@@ -30,6 +30,7 @@ class phpbb_login(BaseAuth):
         self.dbpass  = dbpass
         self.dbname  = dbname
         self.dbport  = dbport
         self.dbpass  = dbpass
         self.dbname  = dbname
         self.dbport  = dbport
+        self.phpbb_prefix = phpbb_prefix
         self.name    = name
         self.hint    = hint
     
         self.name    = name
         self.hint    = hint
     
@@ -42,9 +43,13 @@ class phpbb_login(BaseAuth):
         if not conn:
             return False
 
         if not conn:
             return False
 
-        # Get some data
+        # Get some data. Note that we interpolate the prefix ourselves, since
+        # letting the mysql library do it only works with values (it adds ''
+        # automatically). Note also that this allows possible SQL injection
+        # through the phpbb_prefix variable, but that should be a trusted
+        # value anyway.
         cursor = conn.cursor ()
         cursor = conn.cursor ()
-        cursor.execute ("SELECT user_password,user_email FROM lex_users WHERE username=%s", username)
+        cursor.execute ("SELECT user_password,user_email FROM `%susers` WHERE username=%%s" % self.phpbb_prefix, username)
 
         # No data? No login.
         if (cursor.rowcount == 0):
 
         # No data? No login.
         if (cursor.rowcount == 0):
diff --git a/conf/farmconfig.py b/conf/farmconfig.py
index 2dd9e2b4b22d029f591827ff6ba7816d7063e3ba..57511d02681438f267b944d9ca2032ecdb21bda2 100644 (file)
--- a/conf/farmconfig.py
+++ b/conf/farmconfig.py
@@ -173,6 +173,7 @@ class FarmConfig(DefaultConfig):
         dbuser  = phpbb_dbuser,
         dbpass  = phpbb_dbpass,
         dbname  = phpbb_dbname,
         dbuser  = phpbb_dbuser,
         dbpass  = phpbb_dbpass,
         dbname  = phpbb_dbname,
+        phpbb_prefix = 'lex_',
         hint    = "Hier kunnen bestuursleden van Evolution Events inloggen om wijzigingen te maken."
     )
     auth = [phpbb]
         hint    = "Hier kunnen bestuursleden van Evolution Events inloggen om wijzigingen te maken."
     )
     auth = [phpbb]
Wipi - Evolution Events Moinmoin instance